introduction cs 239 advanced topics in computer security peter reiher september 23 2010
Skip this Video
Download Presentation
Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010

Loading in 2 Seconds...

play fullscreen
1 / 29

Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010 - PowerPoint PPT Presentation

  • Uploaded on

Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010. Outline. Subject of class Class topics and organization Reading material Class web page Grading Projects Office hours. Subject of Class. Problems and solutions in computer security

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010' - christopher-monroe

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
  • Subject of class
  • Class topics and organization
  • Reading material
  • Class web page
  • Grading
  • Projects
  • Office hours
subject of class
Subject of Class
  • Problems and solutions in computer security
  • Concentrating on unsolved problems and recent research
  • Covering networks, systems, other aspects of computer security
    • Including privacy
  • Intended for students with serious research interest in security
class organization
Class Organization
  • Graduate level seminar class
  • Concerning topics of ongoing research in security
  • Based around group discussions
    • Not formal lectures
a typical class
A Typical Class
  • Someone (usually one of you) will spend 15-20 minutes outlining a topic
  • Remainder of class will be spent discussing it
  • Whoever presented it should lead discussion
  • Generally, everyone will lead a discussion at some point
topics to be covered
Topics to Be Covered
  • Many of the following:
    • Taint tracking
    • Distributed denial of service attacks
    • Privacy and social networking
    • TPM and related technologies
    • Malware for portable devices
    • Botnets
    • Security for ubiquitous computing
    • Security versus usability
more topics
More Topics
  • BGP security
  • DNS security
  • Cyberwarfare and cyber-deterrence
  • Novel hardware attacks (e.g., cold boot, firmware attacks)
  • Privacy and data mining
  • Security education
  • Web security
  • Internet tools for privacy
yet more topics
Yet More Topics
  • Measuring security
  • Data provenance tracking
  • Attack attribution
  • Insider threat detection
  • Trust
  • Novel access control mechanisms
  • Biometric authentication
  • Security for vehicular networks
  • Analyzing malware
and a few more topics
And a Few More Topics
    • Virtual machine approaches to security
    • Security for cloud computing
    • Preventing information leaks
    • Social engineering and defenses against it
    • Computer forensics
  • Not intended as an exhaustive list
    • Your favorite topic might be added
assigning topics
Assigning Topics
  • Nineteen total classes, counting today
  • I’ll take the next two classes
  • One day for midterm
  • Two days for project presentations
  • That leaves 13 more classes
  • 2 students lead discussion on some topic
  • To be decided by the end of second class
  • First come, first served
reading material
Reading Material
  • No textbook
  • 2-4 papers for each class
    • Some selected by me
    • Some by class leader
  • Papers will be made available on class web page
  • In some cases, web pages may be used instead of papers
class web page
Class Web Page
  • Will show class schedule
  • And list papers for each class
    • With links to them
  • Other useful information also there
  • 20% midterm
  • 40% class participation
  • 40% project
  • No final exam
midterm exam
Midterm Exam
  • Essay questions based on material in first half of class
  • Probably three questions
  • Open notes
    • Including papers
class participation
Class Participation
  • Covers both class you lead (15%) and participation in other classes (25%)
  • Not graded on brilliance
  • But on involvement and ability to contribute to discussion
  • If you can’t regularly attend this class, you won’t do well in it
leading a class discussion
Leading a Class Discussion
  • Should focus on:
    • Analysis of the problem
    • Critiques of existing solutions
    • Suggested improvements to those
      • Or new solution approaches
  • Think of it as being part of a research team looking at this problem
  • Goal is to spark a discussion
    • Not to spend two hours reviewing the papers that were assigned
slides for presentations
Slides for Presentations
  • Not required, but a good idea
  • If possible, send them to me ahead of time
    • So I can post them on the web page
  • I’ll bring a projector to every class
class projects
Class Projects
  • Half of your grade
  • Group projects (2-4 people)
  • On some topic involving network security
  • Must be a research topic
    • Not just implementing known stuff
project proposals
Project Proposals
  • Project proposals due at end of 4th week of class (October 15)
  • 1-page summary of what you want to do
  • Can be submitted as hard copy or email
  • Not graded, but required
project status reports
Project Status Reports
  • Due at end of 7th week of classes (November 5)
  • 1-3 page summaries of the progress you’ve made to that date
    • Hint: there should be some
  • Hard copy or email OK
  • Not graded, but required
project presentation
Project Presentation
  • Last two class days reserved for project presentations
  • In-class presentation of your project
    • Demo, if feasible
  • Graded as part of project itself
project demonstration
Project Demonstration
  • If not feasible to demo in class, arrange a separate demo with me
  • Projects should (usually) produce something demonstrable
  • Important that demo shows off something interesting about project
  • Graded as part of project
project reports
Project Reports
  • Written reports on project
  • Due Monday of finals week (December 10)
  • 15 pages is typical length
  • Should:
    • Describe problem and approach
    • Cover difficulties and interesting points
    • Describe implementation
    • Show that you’ve learned something from it!
what makes a good project
What Makes a Good Project?
  • Probably requires coding
    • Hardware OK, if you can do it
    • Theoretical work acceptable, but you’ll need real results
  • Probably requires testing and/or measurement
  • Should be research
    • Original work no one else has already done
    • Based on a promising idea
    • Ideally, this should be capable of being converted to a publishable research paper
office hours
Office Hours
  • MW 2-3
  • In 3532F Boelter Hall
  • I’m around a lot, so other times can be arranged by appointment
  • Should have taken an operating system and a networking class
  • Should have taken my CS 136 on Computer Security
    • Or similar class elsewhere
  • I’m not going to check on this
  • But I’ll assume you know this material
    • I won’t be presenting reviews of this material
kinds of security things you should know about
Kinds of Security Things You Should Know About
  • IPsec and SSL
  • Key exchange protocols, certificates, certification hierarchies
  • Common attack classes (e.g., man in the middle, replay, buffer overflows)
  • Basics of security threats and mechanisms
  • Use of cryptography for authentication, privacy, and other purposes
  • Basics of firewalls and virus protection systems
  • Basics of viruses and worms
kinds of operating system things you should know
Kinds of Operating System Things You Should Know
  • Operating system structure and organization
  • Memory management
  • File system architecture
  • Booting and hardware interactions
  • Virtual machine technology
  • Process management and scheduling
kinds of networking things you should know about
Kinds of Networking Things You Should Know About
  • TCP/IP
  • Routing protocols
  • How DNS works
  • Basics of wireless networks
  • Basic design and architecture of the Internet
  • Basics of application-layer protocols (e.g., HTTP)